# Server Configuration
HOST="localhost"
PORT=3000
NODE_ENV=development

# Database connection string
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/friendolls_dev?schema=public"

# Redis
REDIS_HOST=localhost
REDIS_PORT=6379

# JWT Configuration
# Keycloak realm URL (no trailing slash). Example: https://keycloak.example.com/realms/friendolls
JWT_ISSUER=https://your-keycloak-instance.com/auth/realms/your-realm-name

# The expected audience in the JWT token (usually the client ID for this API)
JWT_AUDIENCE=friendolls-api

# Keycloak client used for access tokens
KEYCLOAK_CLIENT_ID=friendolls-api
# Optional: client secret for revoking refresh tokens (omit for public clients)
KEYCLOAK_CLIENT_SECRET=

# JWKS URI for fetching public keys to verify JWT signatures
# Format: {KEYCLOAK_AUTH_SERVER_URL}/realms/{KEYCLOAK_REALM}/protocol/openid-connect/certs
JWKS_URI=https://your-keycloak-instance.com/auth/realms/your-realm-name/protocol/openid-connect/certs